Service provision method and apparatus in a distributed system

ABSTRACT

Access to restricted areas or devices are controlled by based on collecting information about the surrounding environment in connection with those restricted areas or service devices. Generally, one refers to service devices and access to service devices. Area access control can be viewed as being provided by a service device (e.g., an automated door or gate), access to which permits entry to (or exit from) a controlled area. Information about the surrounding environment includes, but is not limited to, the presence or absence of particular individuals, the presence or absence of other service devices, the location and/or proximity of other service devices, the location of the user requesting access to the service device, and so on. Based on knowledge of the surrounding environment, service access to the device can be permitted or denied.

STATEMENT AS TO RIGHTS TO INVENTIONS MADE UNDER FEDERALLY SPONSOREDRESEARCH OR DEVELOPMENT

[0001] NOT APPLICABLE

CROSS-REFERENCES TO RELATED APPLICATIONS

[0002] This application is related to and claims priority from JapanesePatent Application No. 2001-174981, filed on Jun. 11, 2001.

REFERENCE TO A “SEQUENCE LISTING,” A TABLE, OR A COMPUTER PROGRAMLISTING APPENDIX SUBMITTED ON A COMPACT DISK.

[0003] NOT APPLICABLE

BACKGROUND OF THE INVENTION

[0004] The present invention relates to the control of a device thatexecutes prescribed functions. In particular, it targets the field ofsecurity in which access to all types of devices is controlled usinginformation such as an access control list (ACL). The present inventionfurther relates to technology that can be applied in fields such asentry and exit management, theft prevention, and goods management.

[0005] Conventional access control methods in distributed systems inwhich a multiplicity of devices are located include the method describedin European Patent Application No. 99307937.5 (EP 0 992 873 A2). In thismethod, access was controlled to suit user attributes by providing adistributed access control list (ACL) for each device within the system.The work involved in settings was reduced and setting errors preventedby enabling settings to be made without having to login each time to thecomputer for which the settings were required.

[0006] However, one of the limitations of the above conventionaltechnology was that, in situations in which, for example in an officebuilding visited by various users, entry was prohibited into restrictedareas that housed important objects but allowed in other cases,conventional standardized access control suffered because of the timedelays that occurred after settings relating to the access levels ofoperators and managers were altered or requests were made to change usersettings.

SUMMARY OF THE INVENTION

[0007] Apparatus for service provision is made in accordance with amethod comprising obtaining a request for service from a requestingdevice. Peripheral information about devices proximate the servicedevice or proximate the requesting device is obtained. Service isprovided based at least on the peripheral information. In another aspectof the invention, history information relating to at least one of theservice device and the requesting device is a further basis for whetheror not the service is provided. In still another aspect of theinvention, information relating to the user of the requesting device isa further basis for whether or not the service is provided.

BRIEF DESCRIPTION OF THE DRAWINGS

[0008]FIG. 1 shows an aspect of the application of an access controlsystem in an example embodiment of the present invention;

[0009]FIG. 2 shows constitution of an access control system according toan embodiment of the present invention;

[0010]FIG. 3 is a flowchart that shows processing throughout the systemaccording to an embodiment of the present invention;

[0011]FIG. 4 is a flowchart that shows peripheral device detectionprocessing in a mobile terminal according to an embodiment of thepresent invention;

[0012]FIG. 5 is a flowchart that shows the equipment configurationmanagement processing (non-resident processing) in a mobile terminalaccording to an embodiment of the present invention;

[0013]FIG. 6 is a flowchart that shows the equipment configurationmanagement processing (resident processing) in a mobile terminalaccording to an embodiment of the present invention;

[0014]FIG. 7 is a flowchart that shows the peripheral device detectionprocessing in a service device according to an embodiment of the presentinvention;

[0015]FIG. 8 is a flowchart that shows the equipment configurationmanagement processing (non-resident processing) in a service deviceaccording to an embodiment of the present invention;

[0016]FIG. 9 is a flowchart that shows the equipment configurationmanagement processing (resident processing) in the service deviceaccording to an embodiment of the present invention;

[0017]FIG. 10 shows a message sent by a user via a mobile terminal whenrequesting a service according to an embodiment of the presentinvention;

[0018]FIG. 11 shows the information sent from the user according to anembodiment of the present invention;

[0019]FIG. 12 shows the user's peripheral device information accordingto an embodiment of the present invention;

[0020]FIG. 13 shows the EACL that uses the peripheral device informationaccording to an embodiment of the present invention;

[0021]FIG. 14 shows the relationship between access levels andexecutable processing according to an embodiment of the presentinvention;

[0022]FIG. 15 shows the judgment standards for peripheral devicesaccording to an embodiment of the present invention;

[0023]FIG. 16 shows a method for fixing a peripheral threshold(neighborhood distance threshold) according to an embodiment of thepresent invention;

[0024]FIG. 17 is a schematic view of different peripheral distances forservices according to an embodiment of the present invention;

[0025]FIG. 18 is a schematic view that shows a first illustrativeembodiment in which the access control method in the present inventionis applied;

[0026]FIG. 19 is a schematic view that shows a second illustrativeembodiment in which the access control method in the present inventionis applied;

[0027]FIG. 20 shows the constitution of the system of a sixthillustrative embodiment in which the access control method in thepresent invention is applied;

[0028]FIG. 21 shows the constitution of the system of a thirdillustrative embodiment in which the access control method in thepresent invention is applied;

[0029]FIG. 22 shows the constitution of the system of a fourthillustrative embodiment in which the access control method in thepresent invention is applied;

[0030]FIG. 23 shows the EACL in which the access level changes accordingto the period of time during which a service is requested or providedaccording to an embodiment of the present invention;

[0031]FIG. 24 shows the constitution of the system of a fifthillustrative embodiment in which the access control method in thepresent invention is applied;

[0032]FIG. 25 shows the constitution of a history information data basefor users and equipment according to an embodiment of the presentinvention;

[0033]FIG. 26 shows the EACL when a history information data base isused in the present invention; and

[0034]FIG. 27 is a flowchart that shows processing throughout the systemaccording to an embodiment of the present invention when a historyinformation data base is used.

DESCRIPTION OF THE SPECIFIC EMBODIMENTS

[0035] A brief introduction to various aspects of the present inventionis presented before discussing the specific illustrative embodiments. Ineach of its various aspects, the present invention processes informationfor service provision including access control to suit peripheralinformation relating to the device. Peripheral information isinformation relating to operational state of various devices detectedwithin a prescribed area around a service-providing device, and providesthe conditions for service provision to be given by theservice-providing device (or more succinctly, the “service device”).Peripheral information includes information that shows the status ofother devices within a prescribed range around the prescribed device.The status of other devices includes whether or not other devices(pre-determined) exist, and the operating status of other devices.Peripheral information also includes information that shows whether ornot the person who will receive a service is present in the prescribedrange around a device and whether or not that person has the right toreceive that service.

[0036] Peripheral information also includes history information relatedto a device, either or both the service-providing device and a servicerequesting device. For example, history information may include a recordof people or other devices requesting service from a service-providingdevice, a record of other devices that have come or been brought withinthe proximity of the device (e.g., people passing the device),identification of different locations of the device (e.g., a piece ofequipment may be carried from one location to another), a record ofenvironmental conditions of a location of the device (e.g., temperature,forces due to acceleration, etc.), and so on. It can be concluded fromthe foregoing that the history information may contain a wide variety ofdata which can be stored and subsequently accessed in making adetermination whether to grant a requested service.

[0037] Generally, the present invention controls whether or not aservice device will provide a prescribed service in accordance withwhether or not a requesting device that requests a service satisfiescertain conditions for the requested service. For example, whether therequesting device exists within a prescribed range from the servicedevice that will provide a prescribed service and in accordance withwhether or not a peripheral device that allocates rights to receive aservice exists within a prescribed range from the service device orrequesting device.

[0038] An example will be explained in an illustrative embodiment inwhich the service device is something such as a door that controls entryand exit, in which the requesting device is a mobile telephone, and inwhich the peripheral device is an ID card that stores information toelectronically identify an individual or an organization. In thisexample, a command to open a door with a key to enable entry into aprescribed room, is sent from a mobile telephone to the door. When thecontrol device that controls the locking and unlocking of a door by akey receives the command, if an ID card that identifies an individualwho is allowed entry to this room exists within the prescribed rangefrom the door or mobile telephone, it will unlock the door in responseto the request from the mobile telephone. The existence of the ID cardcan also be confirmed by the issue of radio waves from the controldevice.

[0039] The present invention also includes the ability to change adevice that can access a service device (user who can receive a service)to suit peripheral information.

[0040] Various illustrative embodiments of the present invention willnow be described in connection with the figures.

[0041]FIG. 1 is an aspect of the application of an access control systemin the present invention. Its main components include: a user 0110 whorequests a service from a service device (electronic lock) 0114; amobile terminal 0111 that provides a user interface; a user's peripheraldevices (for example, an ID card and mobile terminal) 0113 owned by acompanion 0112 existing in the periphery of the mobile terminal 0111; aservice device (electronic lock) 0114 that provides a service requestedby a user; and peripheral devices (for example, an unregistered ID cardand mobile terminal 0116 held by a suspicious person 0115 located nearthe service device (electronic lock) 0114.

[0042]FIG. 2 is a schematic view of the access control system in thepresent invention. Its main components are a user 0210, mobile terminal(service requesting device) 0211, service device 0220, one or moreuser's peripheral devices 0218, and zero or more equipment peripheraldevices 0228. User's peripheral devices refers to devices within adetectable periphery of the user, while equipment peripheral devicesrefers to devices within a detectable periphery about a service device.In this system, a multiplicity of devices are scattered around in theenvironment, an extended access control list (EACL) 0223 is stored inthe hard disk of each service device 0220, and there are radiocommunication modules (that can use prescribed communication technology)that use a common communication protocol.

[0043] The user 0210 requests the necessary service via a mobileterminal 0211 (for example a mobile telephone or PDA) and receives theservice from the service device 0220. The user 0210 uses the mobileterminal 0211 to send personal verification information (user ID:676001027, group ID: 105 u) or service information (requested serviceID: unlock interview room) to the service device.

[0044] Note here that the personal verification information is stored inthe mobile terminal 0211 and the service information can be selectedfrom a list of services acquired via a network. The peripheral devicedetection processing 0216 in the mobile terminal 0211 sends a peripheraldevice detection signal to communication processing 0217 in the mobileterminal 0211. The communication processing 0217 implements broadcasttransmission of a send device information request signal to peripheraldevices. When a user's peripheral device 0218 that exists within thewireless communication receives the send device information requestsignal, it uses communication processing 0219 to send the status of theperipheral device (for example, operating or sleeping) and its ownunique global ID (peripheral device ID: F0032A8) to communicationprocessing 0217. The communication processing 0217 that receives theperipheral device information sends the information to peripheral devicedetection processing 0216. The peripheral device detection processing0216 that receives the peripheral device information writes thisperipheral device information into a table in the user's peripheraldevice information data base 0214.

[0045] Furthermore, peripheral device detection processing 0216 combinesperipheral device information with personal verification information orrequested service information sent first from the user 0210, and sendsthis to the service device 0220. Peripheral device detection processing0216 is always activated and detects a user's peripheral devices 0218 atregular intervals. The access control processing 0222 in the servicedevice 0220 that receives user information or user peripheralinformation requests that its own peripheral devices around equipmentdetection processing 0224 collects information about equipmentperipheral devices 0228 near the service device 0220. The peripheraldevice around equipment detection processing 0224 that receives therequest uses the same processing as the user's peripheral devicedetection processing 0216 in the above mobile terminal 0211 to acquireinformation relating to equipment peripheral devices 0228. In addition,it writes the acquired peripheral device information into a table in theperipheral device information DB 0226. The peripheral device aroundequipment detection processing 0224 sends the acquired peripheral deviceinformation to access control processing 0222.

[0046] The access control processing 0222 that receives the peripheraldevice information refers to the EACL 0223 stored in the service device0220. At this time, it uses the user information or user's peripheralinformation and the above service device peripheral information receivedfrom the mobile terminal 0211. By referring to the received information(user ID, group ID, requested service ID, user's peripheral deviceinformation, and equipment and peripheral device information) and theEACL 0223, the access control processing 0222 determines the accesslevel. Note here that the access level is also sometimes determined byreferring to the history information 0230 relating to the user'speripheral devices 0218 and the user 0210. This is then compared withthe access level determined after reference to the EACL 0223, and theaccess level determined in accordance with a given policy (for example,use the lowest access level). Access control processing 0222 controlsthe service device 0212 with the determined access level mode andprovides the service to the user 0210. Detailed explanation of the flowsof information and services at this time are provided in FIGS. 3 through9.

[0047] It is also noted here that a service device 0220 can also requestthat the above user personal information and user peripheral informationbe sent at any time, not only when a request for a service has been sentfrom a user 0210.

[0048]FIG. 3 is a flowchart that shows processing throughout the systemin the present invention. In ST0310, a user 0210 requests a service of aservice device 0220 via a mobile terminal 0211. Here, the user 0210 usesa mobile terminal 0211 to either clearly enters their user ID, group ID,and requested service ID or selects one of the items stored in themobile terminal 0211 and sends a message to the service device 0220. InST03 11, the mobile terminal 0211 that receives the send userinformation message request starts to detect the user's peripheraldevices 0218. The mobile terminal 0211 receives the device informationfrom the user's peripheral devices 0218.

[0049] It also checks whether or not there are any other peripheraldevices in existence. If a user's peripheral devices 0218 exist,processing is repeated. If there are no user's peripheral devices 0218,processing proceeds to ST0312. In ST0312, the user ID, group ID, andrequested service ID entered by the user 0210 or stored in the mobileterminal 0211 is combined with the user's peripheral device informationacquired in ST0311 and sent to the service device 0220.

[0050] In ST0313, when a service request message is received from amobile terminal 0211, a search for equipment peripheral devices 0228starts. The service device 0220 receives device information fromequipment peripheral devices 0228. It also checks whether or not otherperipheral devices exist and repeats processing if equipment peripheraldevices 0228 exist. If equipment peripheral devices 0228 do not exist,processing proceeds to ST03 14. In ST0314, information received from themobile terminal 0211 and information relating to equipment peripheraldevices 0228 acquired in ST03 13 are used in referring to the EACL, andthe access level determined. In ST03 15, the user 0210is provided withthe service based on the access level determined in ST03 14.

[0051]FIG. 27 is a flowchart that shows the processing throughout asystem that uses a history information data base in the presentinvention. The processing from ST2710 through ST2714 is the same as thatfrom ST0310 through ST0314. ST2715 determines the access level afterreferring to the history information DB 0230. Which of the determinedaccess level and the access level determined in ST2714 will be used isdetermined in accordance with a policy (for example, the lowest accesslevel will be selected). In ST2716, the user 0210 is provided a servicebased on the access level determined in ST2715.

[0052]FIG. 4 is a flowchart that shows the peripheral device detectionprocessing that occurs in a mobile terminal in the present invention. InST0410, I/O 0212 from the user 0210 and user information and servicerequests are received via an application 0213. In ST0411, a peripheraldevice search request is sent to communication processing 0217.Specifically, a request to send a broadcast message is sent to alldevices. In ST0412, the peripheral device information sent from a user'speripheral device 0218 to communication processing 0217 is received. InST0413, a request to acquire information relating to a user's peripheraldevices 0218 is sent to equipment configuration management processing0215. In ST0414, user information and the information received fromequipment configuration management processing 0215 is sent to theservice device 0220.

[0053]FIG. 5 is a flowchart that shows equipment configurationmanagement processing (non-resident processing) in a mobile terminal inthe present invention. In ST0510, a reference request is sent fromperipheral device detection processing 0216 to the user's peripheraldevice information data base 0214. In ST0511, reference is made to theuser's peripheral device information data base 0214 based on the user'speripheral device information. In ST0512, the results of the referenceobtained in ST0511 are sent to peripheral device detection processing0216.

[0054]FIG. 6 is a flowchart that shows equipment configurationmanagement processing (resident processing) in a mobile terminal in thepresent invention. In ST0610, a user's peripheral device information isreceived from communication processing 0217. In ST0611, reference ismade to a user's peripheral device information data base 0214 based onthe user's peripheral equipment information. In ST0612, any changes inthe status of a user's peripheral device 0218 are reported to peripheraldevice detection processing 0216. Processing then returns to ST0610.

[0055]FIG. 7 is a flowchart that shows peripheral device detectionprocessing in a service device in the present invention. In ST0710, aservice request is received from a mobile terminal 0211. In ST0711, aperipheral device retrieve request is sent to communication processing0227. Specifically, a request to send a broadcast message to each deviceis sent. In ST0712, peripheral device information sent to communicationprocessing 0227 from equipment peripheral devices 0228is received. InST0713, a request to acquire information relating to equipmentperipheral devices 0228 is sent to equipment configuration managementprocessing 0225. In ST0714, user information and information receivedfrom equipment configuration management processing 0225 is sent toaccess control processing 0222.

[0056]FIG. 8 is a flowchart that shows equipment configurationprocessing (non-resident processing) in a service device according tothe present invention. In ST0810, a reference request sent fromperipheral device detection processing 0224 to the equipment andperipheral device information data base 0226 is received. In ST0811,reference is made to the peripheral device around equipment informationdata base 0226 based on information relating to equipment peripheraldevices 0228. In ST0812, the results of the referral made in ST0811 aresent to peripheral device detection processing 0224.

[0057]FIG. 9 is a flowchart that shows the equipment configurationmanagement processing (resident processing) in a service device in thepresent invention. In ST0910, information relating to equipmentperipheral devices 0228 is received from communication processing 0227.In ST0911, reference is made to the peripheral devices around equipmentinformation data base 0226 based on the information relating toequipment peripheral devices 0228. In ST0912, changes in the status ofequipment peripheral devices 0228 are reported to access controlprocessing 0222. Processing then returns to ST0910.

[0058]FIG. 10 shows a message sent when a user requests a service via amobile terminal in the present invention. The above message comprises acommunication header 1010 and data 1014. Its main elements include theuser ID 1011 used for user verification, the group ID 1012 of the groupto which the user belongs, and the requested service 1013 that the userrequests of the service device. The main elements in the data 1014include the peripheral equipment configuration 1015 relating to theuser's peripheral devices, and the requested service 1016.

[0059]FIG. 11 shows the information sent from the user in the presentinvention. The main elements of this information include: the sendingdate and time 1110 that shows the time at which data was sent from theuser; the user ID 1111 that specifies the user; the group ID 1112 thatshows the group to which the user belongs; and the requested service ID1113 for the service requested of the service device 0220 by the user0210.

[0060]FIG. 12 shows the user's peripheral device information in thepresent invention. The main components of this information include thereception date and time 1210 that shows the time at which the peripherywas detected and data obtained, and the user's peripheral deviceinformation 1211 for devices around the user (including ID and statusvalues). Note here that the user's peripheral device information 1211 isonly valid when the user has peripheral devices 0218.

[0061]FIG. 13 shows the EACL that uses the peripheral device informationin the present invention. The main components are: the access level 1310provided for the user for accessing the service devices in the EACL;group ID 1311 for the group to which the user belongs; the user'speripheral device information (including ID and status value) 1312 fordevices existing around the user, and information relating to peripheraldevices around the equipment (including ID and status value) 1313 fordevices around the service device. Note here that the user's peripheralinformation 1312 and information relating to equipment peripheraldevices 13 13 are only valid when there are user's peripheral devices0218 and equipment peripheral devices 0228.

[0062]FIG. 23 shows an EACL in which access levels change according tothe period of time during which a service is requested or provided inthe present invention. The main components include reception information2310, the period of time 2311, and the access level 2312. Receptioninformation 2310 comprises a group ID 1311 received from the above user,user's peripheral device information (including ID and status value)1312, and information relating to peripheral device around equipment(including ID and status value) 1313 for peripheral devices locatedaround the above service device. The period of time 2311 refers to thetime during which a service is requested or provided. Access level 2312has the same value as the above access level 1310. Even when the sameinformation is received, different access levels may be provided becauseof the time at which the service is requested or provided.

[0063]FIG. 14 shows the relationship between access levels andprocessing that can be executed in the present invention. The maincomponents include: the access level 1410 determined in the above accesscontrol processing; the execution processing 1411 that can be executedin the service device; and access rights 1412 that show whether or notexecution processing can be implemented for all access levels.

[0064]FIG. 15 shows the judgment standards for peripheral devices in thepresent invention. The configuration used here is a circle of radius dL1511 centered around device i 1514 equipped with peripheral devicedetection processing 0214 for peripheral devices such as mobileterminals 0211 and service devices 0212. Here, dL is a neighborhooddistance threshold for a particular device. The circumference of thecircle is the neighborhood boundary line 1510. The distances betweendevice i 1514 and peripheral device j 1513 or non-peripheral device k1515 are measured using an infrared contact sensor. The distancesbetween the device i 1514 and peripheral device j and non-peripheraldevice k are dij 1512 and dik 1512 respectively. Here, it is judgedwhether the device targeted using inequality 1516 is a peripheral devicej 1513 of device i 1514 or a non-peripheral device k 1515.

[0065]FIG. 16 shows a method for fixing the peripheral threshold value(neighborhood distance threshold) in the present invention. The maincomponents include a user 1610, a user's peripheral device 1611, aservice device 1612, peripheral threshold information 1613, userinformation 1614, and a peripheral threshold 1615. The user 1610 sendsuser information 1614 (including user ID, group ID, and requestedservice ID) via a mobile terminal 0211 to a service device 1612. Theservice device 1612 that receives the above user information 1614 refersto the peripheral threshold information data base and determines theperipheral threshold 1615.

[0066] Here, the information used is the above user information 1614 andthe service device 1612 information. The determined peripheral threshold1615 is sent to the mobile terminal 1610 of the user. The mobileterminal 1610 conducts a search for a user's peripheral devices 1611using the received peripheral threshold 1615 as the retrieval range1616. Note here that when a user's peripheral device 1611 issimultaneously a peripheral device of the service device 1612,processing will be implemented in accordance with a particular policy(for example, recognize as the peripheral device with the lower accesslevel).

[0067]FIG. 17 is a conceptual diagram of an example of differentperipheral distances from a service in the present invention. The maincomponents include the service 1710 and the peripheral distance 1711.The peripheral distance 1711, (radius of circular peripheral area)within which the user 0210 can implement a search, is prescribed to suitthe service provided by the service device 0220. For example, theperipheral distance for a “door unlocking” service is “10 m” but theperipheral distance for a “door locking” service is “0 m”.

[0068]FIG. 18 is a schematic view of embodiment 1 in which an accesscontrol method in the invention is applied. The main components are adepartment manager 1810, section manager 1811, restricted area (safe)1812, and a suspicious person 1813. The section manager 1811 has a PDAthat acts as a mobile terminal 0211. The department manager 1810 has anID card on which their personal information is registered. This is themanager's peripheral device 0218. In this application example, anelectronic lock 1812 to a safe is the service device 0220. Anunregistered object (for example, an ID card) held by the suspiciousperson 1813 is the equipment peripheral device 0228. Here, a summary ofthe application example of an access control system that uses theperipheral device information according to the present invention is asfollows. “A section manager 1811 is not permitted to unlock the safe1812 by himself but can unlock it when accompanied by a departmentmanager 1810. Note that the safe cannot be unlocked when a suspiciousperson 1813 is detected in the vicinity of the safe 1812.” A moredetailed explanation is given below:

[0069] 1. A section manager 1811 uses a PDA to send personalverification information user ID: usr_676001027, group ID: grp_105) orservice information (requested service ID: safe unlocking) 1814. Notehere that the personal verification information is stored in the PDA andthe service information is selected by the user 0210 from the mobileterminal 0211 using the list of services that can be procured via thenetwork. Note that when personal verification information is to bestored on the PDA, it is assumed that it will be stored using memory anda SIM or WIM card.

[0070] 2. ID card information (peripheral device information:[info_udev]: {id.udev_001, stat.udev_001 . . . }), that is informationabout the PDA peripheral device, is sent with sent data to theelectronic lock 1812. To avoid situations in which a department manager1810 passes the section manager 1811 by chance, the department manager1810 must clearly hold up their ID card to a reader.

[0071] 3. The user's peripheral device information (including unique IDand status value) is acquired by the PDA using a common communicationprotocol (such as BT).

[0072] 4. The electronic lock 1812 that receives the message 1814 (userID, group ID, requested service ID, user's peripheral deviceinformation) from the PDA acquires unregistered object information(information relating to peripheral device around equipment:[info_ddev]: {id.ddev_001, stat.ddev_001, . . .}), that is informationabout a peripheral device around the equipment. The method forspecifying that someone is a suspicious person 1813 is as follows. When,in response to a request made to the communication equipment (includingan ID card) held by the suspicious person 1813, no answer is madedespite the fact that communication can be established, the person isidentified as a suspicious person 1813.

[0073] 5. The access level is determined by referring to the data (userID, group ID, requested service ID, user's peripheral deviceinformation, information about equipment peripheral devices) and theEACL in the electronic lock.

[0074] 6. The electronic lock 1812 is controlled by the determinedaccess level mode.

[0075] 7. The service (service not to unlock the safe) is provided tothe section manager 1811.

[0076] 8. In addition, a security system also operates when there areimportant objects in the safe. It is also noted that when there are notimportant objects in the safe, the embodiment can allow the entry intothe room by a multiplicity (for example, all registered persons) ofusers.

[0077]FIG. 19 is a summary view of embodiment 2 in which an accesscontrol method in the present invention is applied. The main componentsinclude a customer 1910, a shop assistant 1911, a product (such as a CD)1912, and the shop entrance 1913. The shop assistant 1911 has a shopassistant card as a mobile terminal 0211. Tagged products (such as CDs)arranged in the shop front are viewed as the user's peripheral devices0218.

[0078] Furthermore, the service device 0220 in this application exampleis a shop entrance 1913 near which is always located an alarm with a tagreader that checks for any unpaid-for products (such as CDs) being takenout. Specifically, information stating that a product has been paid foris written to the tag attached to a product (such as a CD) at the timeof payment and this tag is read at the shop entrance 1913. The alarmwill sound when the information read does not contain informationstating that the item has been paid for and the person holding thatproduct (such as a CD) is not the shop assistant. Here, the summary ofthe example of the application of an access control system that usesperipheral device information in the present invention is as follows.“An alarm will sound when a customer 1910 holding an unpaid-for product(such as a CD) 1912 nears the shop entrance 1913 but will not sound if ashop assistant 1911 passes through the entrance with a product (such asa CD) 1912.” A more detailed explanation is given below:

[0079] 1. When a customer 1910 attempts to pass through a shop entrance1913 without having paid for a product, the product (such as a CD) tag(including information stating that it has not been paid for) is read bya reader that is always located near the entrance.

[0080] 2. When the information read states that the product has not beenpaid for, the reader alarm will operate.

[0081] 3. When a shop assistant 1910 attempts to pass through the shopentrance 1913 while holding a product (such as a CD) 1912 that has notbeen paid for, the shop assistant card held by the shop assistant 1911and the product (such as a CD) tag (including information stating thatit has not been paid for) is read by a reader that is always locatednear the entrance.

[0082] 4. When the information read is shop assistant information, thereader will not operate the alarm regardless of the information relatingto payment written on the tag of the product (such as a CD) 1912.

[0083]FIG. 21 is a schematic view of embodiment 3 in which an accesscontrol method in the present invention is applied. The main componentsinclude employee A 2110, employee B 2111, and an elevator 2112. EmployeeA 2110 and employee B 2111 use a mobile terminal to call the elevator2112 to the requested level. Employee A requests a service from a placethat is more than a set distance (neighborhood distance threshold) 2113from the elevator 2112 and employee B requests a service from within thecircle formed with a radius that is the neighborhood distance threshold2113. An overview of the example in which an access control system thatuses peripheral device information according to the present invention isas follows. “Employee A 2110, who is in a place far away from theelevator (a place that is more than the neighborhood distance threshold2113 away) cannot call elevator 2112 but employee B, who is close by(within the circular area of a radius equal to the neighborhood distancethreshold 2113) can call the elevator 2112”. A more detailed explanationis given below:

[0084] 1. Employee A 2110 uses a mobile terminal to send a requestmessage to elevator 2112 calling an elevator.

[0085] 2. The distance between the elevator and the mobile terminal ofemployee A is measured using the time difference between the time thatthe message was sent from the mobile terminal and the time the messagewas received by the elevator 2112. Note here that any other method formeasuring this distance can also be used.

[0086] 3. Access to the elevator is not permitted when the distancemeasured above is greater than the neighborhood distance threshold 2113.

[0087] 4. Conversely, when the measured distance is less than theneighborhood distance threshold as is the case with employee B 1211,access to the elevator is permitted and the service is provided toemployee B 2111.

[0088]FIG. 22 is a schematic view of embodiment 4 in which an accesscontrol method in the present invention is applied. The main componentsinclude: an employee 2210, a suspicious person 2211, the mobile terminal2212 of the employee, the mobile terminal 2213 of the suspicious person,the front gates 2214, a history information data base 2215, and acarried object 2216.

[0089] An overview of an example in which an access control system thatuses the peripheral device information in the present invention is asfollows. “Employee A who has a mobile terminal 2212 can pass through thefront gate but a check is made on a suspicious person 2211 who is unableto send positive personal information despite having a mobile terminal2213, who is carrying a carried object 2216, and who attempts to passthrough the front gate. Through use of the history information data base2215 of carried objects 2216 in conjunction with the peripheralequipment configuration, the suspicious person 2211 is not allowed topass through the front gate.” A more detailed explanation is givenbelow:

[0090] 1. When employee A 2210, who is carrying a mobile terminal 2212,attempts to pass through the front gates, personal information isacquired from the above mobile terminal 2212.

[0091] 2. Reference is made to the in-house data base, for example,confirmation that above employee A is an employee is made, and thenemployee A is permitted to pass through the front gates.

[0092] 3. Personal information cannot be obtained from the mobileterminal 2213 of a suspicious person 2211 carrying a mobile terminal2213 and a carried object 2216 when they attempt to pass through thefront gates. This also occurs when data containing personal informationfor example is intentionally not sent despite communication beingestablished.

[0093] 4. Reference is made to the history information data base 2215 ofcarried objects 25 2216.

[0094] 5. The access level is determined when the targeted equipment2611 (FIG. 26) is deemed to be the carried object 2216, the referencestarting point 2612 is deemed to be the library, the reference end point2613 is the front gates, and the history information 2614 is deemed tobe the action history information of the suspicious person 2211 (time2510, status (value) 2511, peripheral equipment 2512).

[0095] 6. The access level obtained using the peripheral equipmentconfiguration and the above access level are compared and the accesslevel determined in accordance with a particular policy (for example,priority is given to the lowest access level).

[0096] 7. Access control is implemented in accordance with thedetermined access level.

[0097]FIG. 25 is a schematic view of the history information data basesfor users and equipment in the present invention. The main componentsinclude the time 2510, status (value) 2511, and peripheral equipment2512. The time 2510 is the time (including date information) at whichthe history information relating to the targeted user or equipment wascollected. The status (value) 2511 is the status value of the targeteduser or equipment at time 2510. For example, when the target is books ina library, the status value could be “not borrowed” or “alreadyborrowed”. The peripheral equipment 2512 is equipment located around thetargeted user or equipment at time 2510 and for status (value) 2511.

[0098]FIG. 26 shows the EACL when a history information data base isused in the present invention. The main components include an accesslevel 2610, targeted equipment 2611, a reference starting point 2612, areference end point 2613, and history information 2614. The access level2610 is the access level for the targeted equipment 2611 determined inthis EACL. The reference starting point 2612 is a starting point whenthe history information database 2215 is referenced. The reference endpoint 2613 is an ending point when the history information database 2215is referenced. The history information 2614 is the action historyinformation (status (value) 2510, time 2511, peripheral equipment 2512)for a targeted person between the reference start point 2612 for thetargeted equipment 2611 and the reference end point 2613.

[0099]FIG. 24 is a schematic view of a system in embodiment 5, in whichan access control method in the present invention is applied. The maincomponents include employee A 2410 who requests a service in themorning, employee A 2411 who requests a service in the afternoon, and aroom door 2412. An overview of an example in which an access controlsystem that uses peripheral device information according to the presentinvention is as follows. “Employees A 2410 and 2411 can both enter theroom if they apply to do so in the morning but cannot enter the room ifthey apply to do so in the afternoon.” A more detailed explanation isgiven below:

[0100] 1. During the morning, employee A 2410 sends a message to a roomapplying to enter the room.

[0101] 2. The above message, as in above embodiment examples 1 through4, contains the configuration and statuses of peripheral equipment.

[0102] 3. Employee A 2410 is permitted to enter the room uponapplication during the morning.

[0103] 4. However, even when the above peripheral equipment informationis the same, employee A 2411 is not permitted to enter the room uponapplication during the afternoon.

[0104] 5. This embodiment also includes examples in which permission toenter the room is issued according to the period of time during which aservice is provided (for example, room use time), regardless of the timeat which employees A 2410 or 2411 submit the application.

[0105]FIG. 20 is a schematic view of a system in embodiment 6, in whichan access method in the present invention is applied. The maincomponents include a service requesting device 2010, access levelverification office 2012, and a service distribution device 2013. Theservice requesting device sends a service request to the servicedistribution device 2013. Here, the service request is sent along withinformation relating to the user 2010 and the user's peripheral devices0218. The service distribution device 2013 that receives the aboverequest uses access level reference processing 2014 to refer to theaccess level in the access verification office 2012. At this time, theinformation received from the service requesting device 2010 andinformation relating to equipment peripheral devices 0228 is sent. Theaccess level verification office 2012 that receives the aboveinformation uses the EACL to determine the access level and send this tothe service distribution device 2013. The service distribution device2013 that receives the above access level information provides a serviceto suit the received access level. An embodiment of a system that usesthis configuration is equivalent to above embodiments 1 through 5.

[0106] The embodiments described above are configured as detailed aboveand produce the following effects: (1) accurate access control thatincludes the peripheral statuses of both the service recipient and theservice sender is enabled; and (2) access control that can react withflexibility to changes in the statuses of users or service devices isenabled. The present invention enables services, such as access control,to be provided accurately. Variations and modifications of the disclosedillustrative embodiments of the present invention will no doubt suggestthemselves to those skilled in the relevant arts. Accordingly, theforegoing discussions should be considered as illustrative and not in alimiting sense.

What is claimed is:
 1. A method for operating a service device toprovide a service comprising: detecting a request from a requestingdevice to provide said service; obtaining peripheral informationrelating to one or more peripheral devices, said peripheral devicesbeing within a predetermined distance of said service device; andproviding said service depending on said peripheral information.
 2. Themethod of claim 1 wherein said providing said service is furtherdependent on a time of detection of said request.
 3. The method of claim1 wherein said peripheral information includes information relating topositions of said peripheral devices relative to said service device. 4.The method of claim 3 wherein said peripheral information furtherincludes information relating to whether one of said peripheral devicesis within said predetermined distance of said service device.
 5. Themethod of claim 1 wherein said peripheral information for each of saidperipheral devices is obtained from said peripheral device or from adata store separate from said service device.
 6. The method of claim 1further including detecting when one of said peripheral devices makes atransition between a first condition and a second condition, said firstcondition being a condition where said one of said peripheral devices iswithin said predetermined distance of said service device, said secondcondition being condition where said one of said peripheral devices isbeyond said predetermined distance of said service device, said step ofproviding said service further being dependent on detecting saidtransition.
 7. The method of claim 1 further including obtaining secondperipheral information relating to positions of one or more secondperipheral devices relative to said requesting device.
 8. The method ofclaim 7 wherein said second peripheral information further includesinformation relating to whether one of said one or more secondperipheral devices is within a second predetermined distance from saidrequesting device.
 9. The method of claim 7 wherein said secondperipheral information for each of said second peripheral devices isobtained from said each second peripheral device or from a data storeseparate from said each second peripheral device.
 10. The method ofclaim 7 wherein said second peripheral information includes informationrelating to whether one of said second peripheral devices is within saidsecond predetermined distance from said requesting device.
 11. Themethod of claim 1 further including obtaining at said service devicesecond peripheral information independently of obtaining a request fromsaid requesting device, said second peripheral information relating toone or more second peripheral devices.
 12. The method of claim 1 whereinsaid request includes user information indicative of a user of saidrequesting device, said step of providing further dependent on said userinformation.
 13. The method of claim 1 wherein said obtaining peripheralinformation includes transmitting a peripheral information request forsaid peripheral information.
 14. The method of claim 1 wherein saidobtaining peripheral information includes obtaining said peripheralinformation absent transmitting a request for said peripheralinformation.
 15. The method of claim 1 further including transmitting arequest for access information and in response to said transmitting,receiving said access information, said access information contained ina data store separate from said service device and from said peripheraldevices, said step of providing further being dependent on said accessinformation.
 16. The method of claim 1 further including obtaininghistory information relating to one or more of said requesting device, auser of said requesting device, and said service device, said step ofproviding further being dependent on said history information.
 17. Amethod for operating a service device to provide a service comprising:detecting a request from a requesting device to provide said service;obtaining peripheral information relating to one or more peripheraldevices, said peripheral devices being within a predetermined distanceof said requesting device; and providing said service depending on saidperipheral information.
 18. The method of claim 17 further includingobtaining history information relating to one or more of said requestingdevice, a user of said requesting device, and said service device, saidstep of providing further being dependent on said history information.19. The method of claim 17 wherein said providing said service isfurther dependent on a time of detection of said request.
 20. The methodof claim 17 wherein said peripheral information includes informationrelating to positions of said peripheral devices relative to saidrequesting device.
 21. The method of claim 20 further includingobtaining second peripheral information relating to positions of one ormore second peripheral devices relative to said service device.
 22. Aservice device for providing a service comprising: detector circuitryoperable to detect a request from a requesting device to provide saidservice; control circuitry operable to obtain peripheral informationrelating to one or more peripheral devices, said peripheral devicesbeing within a predetermined distance of said service device; and accesscontrol circuitry operatively coupled to said control circuitry, saidaccess control circuitry operable to allow or disallow providing of saidservice depending on said peripheral information.
 23. The device ofclaim 22 wherein said peripheral information includes informationrelating to whether one of said peripheral devices is within saidpredetermined distance of said service device.
 24. The device of claim22 wherein said control circuitry is further operable for communicatingwith a data store to obtain said peripheral information for some of saidperipheral devices, said data store being separate from said servicedevice.
 25. The device of claim 22 wherein said detector circuitry isfurther operable to detect when one of said peripheral devices makes atransition from a condition of being within said predetermined distanceof said service device to a condition of being beyond said predetermineddistance of said service device, or a transition from a condition ofbeing beyond said predetermined distance of said service device to acondition of being within said predetermined distance of said servicedevice, said access control circuitry further being operatively coupledto said detector circuitry and further being operable to allow ordisallow providing of said service depending on detecting saidtransitions.
 26. The device of claim 22 wherein said control circuitryis further operable to obtain second peripheral information relating toone or more second peripheral devices within a second predetermineddistance from said requesting device.
 27. The device of claim 26 whereinsaid second peripheral information for each of said second peripheraldevices is obtained from said each second peripheral device or from adata store separate from said each second peripheral device.
 28. Thedevice of claim 26 said control circuitry is further operable to obtainadditional information relating to whether one of said second peripheraldevices is within said second predetermined distance from saidrequesting device.
 29. The device of claim 22 wherein said controlcircuitry is further operable to obtain second peripheral informationindependently of said detector circuitry, said second peripheralinformation relating to one or more second peripheral devices.
 30. Thedevice of claim 22 wherein said request includes user informationindicative of a user of said requesting device, said access controlcircuitry further being operable to allow or disallow providing of saidservice dependent on said user information.
 31. The device of claim 22wherein said control circuit includes a communication portion operableto obtain said peripheral information by transmitting a peripheralinformation request for said peripheral information.
 32. The device ofclaim 22 wherein said control circuitry is further operable to obtainhistory information relating to one or more of said requesting device, auser of said requesting device, and said service device, said accesscontrol circuitry further operable to allow or disallow providing ofsaid service dependent on said history information.
 33. An servicecontrol system for providing a service comprising: one or morerequesting devices; and one or more service providing devices incommunication with said one or more requesting devices; each of saidservice providing devices comprising: detector circuitry operable todetect a request from one of said requesting devices to provide saidservice; control circuitry operable to obtain peripheral informationrelating to one or more peripheral devices, said peripheral devicesbeing within a predetermined distance of said each service device; andaccess control circuitry operatively coupled to said control circuitry,said access control circuitry operable to allow or disallow providing ofsaid service depending on said peripheral information.
 34. The system ofclaim 33 further including one or more data stores, each said data storeproviding said peripheral information.
 35. The system of claim 33wherein some of said requesting devices have associated peripheraldevices, the system further including one or more first data stores andone or more second data stores, each first data store providing saidperipheral information for at least one of said peripheral devices, eachsaid second data store providing second peripheral information relatingto one or more of said associated peripheral devices.
 36. A servicedevice for providing a service comprising: means for detecting a requestfrom a requesting device to provide said service; means for obtainingperipheral information relating to one or more peripheral devices, saidperipheral devices being within a predetermined distance of said servicedevice; and means for providing said service depending on saidperipheral information.
 37. The method of claim 36 further includingmeans for obtaining second peripheral information relating to one ormore second peripheral devices within a second predetermined distancefrom said requesting device.
 38. The method of claim 36 furtherincluding means for obtaining history information relating to one ormore of said requesting device, a user of said requesting device, andsaid service device, said means for providing further being dependent onsaid history information.
 39. A service device for providing a servicecomprising: means for detecting a request from a requesting device toprovide said service; means for obtaining peripheral informationrelating to one or more peripheral devices, said peripheral devicesbeing within a predetermined distance of said requesting device; andmeans for providing said service depending on said peripheralinformation.